General
- Target: Report10-13.exe
- Size: 2.1MB
- Sample: 201013-abmm6j14xx
- MD5: e94a676012fde240328e1ecc967c190b
- SHA1: 55fbc6c53b379c42a49f155809b76350526aec8f
- SHA256: f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf
- SHA512: 525d9b293c3486e4ea69b9cac819399d54fd0fe5b94b0f87266ee4331bd7f530d7e0068a13c27bad942d5c05086f38439d376122cdefb59e8ec8e5cdd3711178
Static task: static1

Behavioral task: behavioral1
- Sample: Report10-13.exe
- Resource: win7v200722
Malware Config

Targets
- Target: Report10-13.exe
- Size: 2.1MB
- MD5: e94a676012fde240328e1ecc967c190b
- SHA1: 55fbc6c53b379c42a49f155809b76350526aec8f
- SHA256: f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf
- SHA512: 525d9b293c3486e4ea69b9cac819399d54fd0fe5b94b0f87266ee4331bd7f530d7e0068a13c27bad942d5c05086f38439d376122cdefb59e8ec8e5cdd3711178

Signatures
- BazarBackdoor: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
- Bazar/Team9 Backdoor payload
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext